[Jifty-commit] r7471 - jifty/trunk/lib/Jifty/Web/Form/Field
Jifty commits
jifty-commit at lists.jifty.org
Thu Sep 3 15:27:41 EDT 2009
Author: ruz
Date: Thu Sep 3 15:27:40 2009
New Revision: 7471
Modified:
jifty/trunk/lib/Jifty/Web/Form/Field/Collection.pm
Log:
* fix a lot of missing escapes in ::Field::Collection and some other
obviouse problems, probably it never been used
Modified: jifty/trunk/lib/Jifty/Web/Form/Field/Collection.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Web/Form/Field/Collection.pm (original)
+++ jifty/trunk/lib/Jifty/Web/Form/Field/Collection.pm Thu Sep 3 15:27:40 2009
@@ -9,6 +9,12 @@
Jifty::Web::Form::Field::Collection - render a whole collection of available values
+=head1 DESCRIPTION
+
+Renders multiple text inputs with the same name, available_values used as defaults.
+
+=head1 METHODS
+
=head2 render_widget
Renders the whole collection of available values.
@@ -33,7 +39,9 @@
sub render_label {
my $self = shift;
Jifty->web->out(
- qq!<span class="label @{[$self->classes]}">@{[_($self->label) ]}</span>\n!
+ qq{<span class="label @{[$self->classes]}">}
+ . Jifty->web->escape(_($self->label))
+ . qq{</span>\n}
);
return '';
@@ -49,21 +57,25 @@
my $self = shift;
my $opt = shift;
my $display = ref($opt) ? $opt->{'display'} : $opt;
- my $value = ref($opt) ? $opt->{'value'} : $value;
- $value = "0" if !defined($value);
+ my $value = ref($opt) ? $opt->{'value'} : $opt;
+ $value = "0" unless defined $value;
my $id = $self->element_id . "-" . $value;
$id =~ s/\s+/_/;
+
+ my $wclass = $self->_widget_class;
+
my $field = qq! <input type="text" !;
- $field .= qq! name="@{[ $self->input_name ]}"!;
- $field .= qq! title="@{[ $self->title ]}"! if ($self->title);
- $field .= qq! id="@{[ $id ]}"!;
- $field .= qq! value="0"!;
- $field .= $self->_widget_class;
-
- $field .= qq{ /><label for="@{[ $id ]}"};
- $field .= $self->_widget_class;
- $field .= qq{ >$display</label>\n };
+ $field .= qq! name="@{[ Jifty->web->escape( $self->input_name ) ]}"!;
+ $field .= qq! title="@{[ Jifty->web->escape( $self->title ) ]}"! if ($self->title);
+ $field .= qq! id="@{[ Jifty->web->escape( $id ) ]}"!;
+ $field .= qq! value="@{[ Jifty->web->escape( $value ) ]}""!;
+ $field .= $wclass;
+ $field .= qq{ />};
+
+ $field .= qq{<label for="@{[ Jifty->web->escape( $id ) ]}"};
+ $field .= $wclass;
+ $field .= qq{ >@{[ Jifty->web->escape( $display ) ]}</label>\n };
$field = qq{<span class="multitext">$field</span>};
More information about the Jifty-commit
mailing list